hrobot.firewall: Request failed: 400 INVALID_INPUT (invalid input) about community.hrobot HOT 10 CLOSED

Hmm, I tried slightly different firewall configs, and they worked fine:

    - community.hrobot.firewall:
        hetzner_user: "{{ hetzner_user }}"
        hetzner_password: "{{ hetzner_pass }}"
        server_ip: "{{ server_ip }}"
        # server_number: "{{ server_no }}"
        port: main
        state: present
        filter_ipv6: false
        allowlist_hos: true
        rules:
          input:
            # - name: "Allow ICMP"
            #   ip_version: "ipv4"
            #   protocol: icmp
            #   action: "accept"
            - name: "Allow all"
              ip_version: "ipv4"
              action: "accept"
          output:
            - name: "Allow all"
              action: "accept"

I tried this both with server_number and server_ip (both worked fine), and with the ICMP rule commented in and out.

from community.hrobot.

Hey felix,
thank your very much for your help and time invested. Overseen the now required 'filter_ipv6'. As my receipes are a bit mature, this parameter was missing. Everything works fine.

from community.hrobot.

Let me reopen this, since this error shouldn't happen, the module should either complain (with details what's missing) or somehow use a default value. I'll try to look into this later this week.

from community.hrobot.

(And thanks for figuring out that this is related to filter_ipv6, that saves me some time :) )

from community.hrobot.

Yes, I also thought about it afterwards. Somewhat more meaningful error messages would be nicer overall. 400 INVALID_INPUT is so terribly unspecific.

from community.hrobot.

I wish the API would return more useful error messages... (Or maybe we're not passing them on correctly? I'll hopefully also figure that out during debugging :) )

from community.hrobot.

Actually there were some more details. I've extended the code to show them: "msg": "Request failed: 400 INVALID_INPUT (invalid input). Invalid input parameters: ['rules'].".

Trying this out some more, I found that the problem is with - name: Allow ICMP protocol, so you can ping your server. With the comma, it fails (invalid). Without the comma, it works fine 😮 When trying to set that name in the UI, I get the message Ungültige Zeichen, erlaubt sind: A-Z a-z 0-9 - + _ . @. That information is unfortunately not mentioned in the API docs...

from community.hrobot.

(Leaving away filter_ipv6 isn't a problem BTW, I tested that first.)

from community.hrobot.

Interesting, the text "Allow ICMP protocol, so you can ping your server" is from your doc. I used it after I just couldn't get mine to work. Maybe you should change it.

from community.hrobot.

Good point!

I've created #89 to improve error reporting and documenation of the firewall module.

from community.hrobot.